Virus: Please Help

Discussion in 'Malware Help (A Specialist Will Reply)' started by lady, Sep 1, 2013.

  1. lady

    lady Private E-2

    Hello, I was trying to download a torrent and I OK'ed a few programs, which I now think were bugged. I have a few new programs from that day called: Deluge, diamonddata, expressfile, AVGsafetoolbar, and delta. They are in a C: file called Program Files x86.
    My computer is now much slower, and my google has this delta search engine I cant change, and AVG homepages. It also wont play any sound on videos. My internet explorer keeps saying that it encountered a problem and is closing, but it doesn't actually close and sort of works. A Pop-up is usually flashing on bottom left of my explorer screens and this Flash Update window keeps launching.
    I have 64bit Windows 7, and ran all the tests in the procedure you all posted. The only issue I had was when I downloaded MG, it said I wasn't the administrator (even though I was logged in as Adm) and I had to save it in a personal folder.
    Thanks.
     

    Attached Files:

    lady, Sep 1, 2013
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8555
    R3 - URLSearchHook: BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll
    O2 - BHO: diamondata - {055af109-de93-4160-bcfc-7da70ecaa020} - C:\Program Files (x86)\diamondata\diamondatabho.dll
    O2 - BHO: DownloadTerms - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Tony\AppData\Local\DownloadTerms\temp.dat
    O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
    O2 - BHO: BitTorrentControl_v12 - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll
    O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
    O23 - Service: BrowserDefendert - Unknown owner - C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (file missing)
    O23 - Service: Update diamondata - diamondata - C:\Program Files (x86)\diamondata\updatediamondata.exe
    O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe

    After clicking Fix, exit HJT.

    Now uninstall the below programs. If they do not uninstall or you do not find them, just keep going.
    AVG SafeGuard toolbar
    BitTorrentControl_v12 Toolbar
    DefaultTab Chrome
    DefaultTab
    Deluge 1.3.6
    Java 7 Update 17

    Now install the current version of Sun Java from: Sun Java Runtime Environment Make sure that when you see the form asking about installing Ask Toolbar that you uncheck this.


    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
explorer.exe
 
:Services
BrowserDefendert
Update diamondata
vToolbarUpdater15.5.0
 
:Files
C:\ProgramData\AVG SafeGuard toolbar
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
C:\Program Files (x86)\AVG SafeGuard toolbar
C:\Program Files (x86)\Conduit
C:\Program Files (x86)\DefaultTab
C:\Program Files (x86)\Delta
C:\Program Files (x86)\Deluge
C:\Program Files (x86)\diamondata
C:\Program Files (x86)\ExpressFiles
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Users\Tony\AppData\Local\Temp\2387B524-FDA2-4E04-8EDC-F359DA58B2A2.exe
C:\ProgramData\Babylon
C:\ProgramData\BrowserDefender
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\bprotector web data
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
C:\Users\Guest\AppData\LocalLow\AskToolbar
C:\Users\Tony\AppData\Local\Conduit
C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
C:\Users\Tony\AppData\LocalLow\Conduit
C:\Users\Tony\AppData\LocalLow\Delta
C:\Users\Tony\AppData\Roaming\BabSolution
C:\Users\Tony\AppData\Local\TopArcadeHits
C:\Windows\TEMP\*.*
C:\Users\Tony\AppData\Local\Temp\*.*
 
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escort.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escortApp.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escortEng.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escorTlbr.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\esrv.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\delta.deltaappCore.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\delta.deltaappCore]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\delta.deltadskBnd.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\delta.deltadskBnd]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\delta.deltaHlpr.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\delta.deltaHlpr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Prod.cap]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\s]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\escort.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\escortApp.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\escortEng.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\escorTlbr.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\esrv.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{39CB8175-E224-4446-8746-00566302DF8D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{57C91446-8D81-4156-A70E-624551442DE9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Delta\delta]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKEY_USERS\S-1-5-21-2213588494-2716610193-2853546780-1001\Software\AppDataLow\Software\Smartbar]
[-HKEY_USERS\S-1-5-21-2213588494-2716610193-2853546780-1001\Software\Conduit]
[-HKEY_USERS\S-1-5-21-2213588494-2716610193-2853546780-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975}]
[-HKEY_USERS\S-1-5-21-2213588494-2716610193-2853546780-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_USERS\S-1-5-21-2213588494-2716610193-2853546780-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKEY_USERS\S-1-5-21-2213588494-2716610193-2853546780-1001\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055af109-de93-4160-bcfc-7da70ecaa020}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"vProt"=-
[HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\windows\currentVersion\Run]
"vProt"=-
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{75355328-E5A9-44A1-9809-D72643366ECC}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{77816C38-783F-4E65-951A-6AFCD3DA92B5}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A16AE72E-1618-46E9-A250-904365701FBD}]
:Commands
[purity]
[EmptyTemp]
[start explorer]

[Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
      ) and choose Paste.
    • Now click the large http://forums.majorgeeks.com/chaslang/images/MoveIt!.png button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.


    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.TXTlog
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    chaslang, Sep 1, 2013
    #2
  3. lady

    lady Private E-2

    Thank you!! I have completed the HJT portion, and I just remembered something. When I realized my computer was compromised, I tried to manually quarantine the malware with Norton 360. It took about an hour to select only a tiny fraction of all the files located inside these programs, but I also quarantined some of the "uninstall" files, because I was paranoid that they were really viruses inside them. I gave up when I couldn't find a way to quarantine the whole programs, and it would have taken days to wait for each tiny file to go under quarantine. Should I un-quarantine them before continuing?
     
    lady, Sep 2, 2013
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes it may be better or the uninstalls may not work.
     
    chaslang, Sep 2, 2013
    #4
  5. lady

    lady Private E-2

    Hi, when I restored my quarantined files, and saw "diamondata" and "expressfiles" on my program list, so I also uninstalled those two.
    Now my Explorer seems to be working fine, no more pop ups :)
    My Chrome still won't play any sound...
    The other thing I noticed since my laptop was compromised, is that it now seems to be getting hotter, and the fan has been whirling much more than before. When I open Chrome, the fan starts up!! And then when I close it, it cools back down.

    Any more suggestions?
     

    Attached Files:

    lady, Sep 2, 2013
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You may have a few unwanted addons still hooked into Chrome. It would be best to uninstall Chrome and then reboot. After reboot delete the below folders:

    C:\Program Files (x86)\Google\Chrome
    C:\Users\Tony\AppData\Local\Google\Chrome

    Make sure you get the above two folders deleted before continuing.

    Now use Internet Explorer to redownload and install the below more recent version of Chrome:

    Google Chrome 29.0.1547.62 Stable


    Did that help?
     
    chaslang, Sep 2, 2013
    #6
  7. lady

    lady Private E-2

    I cannot uninstall Chrome. When I try using Control Panel, a window pops up saying that I have Chrome windows open, even though I don't. When I tried manually uninstalling it using https://support.google.com/chrome/answer/111899?hl=en , the remove.reg file wouldn't download, and then when I used the WikiHow link instead, it said it was not a registry script...
     
    lady, Sep 3, 2013
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    chaslang, Sep 3, 2013
    #8

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds